PfSense 2.1 build 20130911-1816 - Directory Traversal

  • copy-paste
    Authenticated users with only permission to access some packages in the web GUI
    (a.k.a. webConfigurator) will be able to escalate themselves to another
    privileged admin by reading the /conf/config.xml file through bugs (i.e. Snort
    LFI), resulting in full compromise of pfSense.

    This attack abuses the user privilege scheme with some of the official packages
    (System > Package Manager).

    • Session hijacking is also possible, stealing less privileged user sessions to
      perform this trick, because the webConfigurator admin interface uses "http" by default.
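
A defensive audit that follows from the advisory, added here as an example and not part of the original advisory or of pfSense itself: it lists accounts that hold web GUI page privileges without being full admins (the accounts the advisory says can escalate) and flags a cleartext webConfigurator. The config.xml element names, the treatment of a missing protocol as "http", and every privilege name in the sample other than `page-all` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real system. Assumed layout:
# <system><webgui><protocol>, <system><group> with <member> uids and <priv>,
# <system><user> with <name>, <uid> and optional direct <priv> entries.
SAMPLE_CONFIG = """<pfsense>
  <system>
    <webgui><protocol>http</protocol></webgui>
    <group><name>admins</name><member>0</member><priv>page-all</priv></group>
    <group><name>ids-ops</name><member>2001</member><priv>page-services-snort</priv></group>
    <user><name>admin</name><uid>0</uid></user>
    <user><name>alice</name><uid>2001</uid></user>
    <user><name>bob</name><uid>2002</uid><priv>page-status-packagelogs</priv></user>
    <user><name>carol</name><uid>2003</uid></user>
  </system>
</pfsense>"""

FULL_ADMIN = "page-all"  # privilege granting every GUI page


def audit(xml_text):
    """Return limited GUI accounts and whether the GUI is served in cleartext."""
    system = ET.fromstring(xml_text).find("system")

    # Privileges inherited through group membership, keyed by member uid.
    group_privs = {}
    for group in system.findall("group"):
        privs = {p.text for p in group.findall("priv")}
        for member in group.findall("member"):
            group_privs.setdefault(member.text, set()).update(privs)

    # Accounts with some GUI access but not full admin: per the advisory these
    # are the accounts that can reach /conf/config.xml through a package bug.
    limited = {}
    for user in system.findall("user"):
        uid = user.findtext("uid")
        privs = {p.text for p in user.findall("priv")} | group_privs.get(uid, set())
        if privs and FULL_ADMIN not in privs:
            limited[user.findtext("name")] = sorted(privs)

    # Assumption: a missing <protocol> means the "http" default the advisory names.
    protocol = system.findtext("webgui/protocol", default="http")
    return {"limited_gui_users": limited, "cleartext_gui": protocol != "https"}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Every account it reports should be reviewed as if it held admin rights until the affected packages are fixed or removed, and a `cleartext_gui` result of `True` means sessions for those accounts cross the network unencrypted.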